Geeks Who Cry Wolf

Every month - sometimes every week - the tech world is 'rocked' by dire warnings of scary-sounding security vulnerabilities, newly discovered in major products and services. But two recent examples didn't pass my sniff test. Here's the scoop…

Some obscure security researcher discovers a vulnerability. “Wolf!” he cries to the tech press. “BIG wolf!” meaning it threatens the entire planet. “A whole PACK of wolves!” he continues, warning that legions of Russian Mafioso and teenaged script-kiddies can use this dangerous knowledge to launch attack after attack against everyone.

The researcher backs up hysterical claims of imminent catastrophe with reams of jargon-laden gibberish that only another certified geek can understand, like this white paper from the group that discovered the Android vulnerability.

In step two, the tech press picks up the “Everybody panic” story and runs with it. They “simplify” the geeky details by glossing over technical details that inconveniently say, “This really isn’t a big deal.” The “secure browsing” story doesn’t include anything new. It has long been known that the HTTPS protocol is, under certain rare conditions, vulnerable to eavesdropping. It is also well established that one’s employer and ISP can monitor any of your activity on their networks that they wish. But suddenly these two facts of life are front-page click-bait… er, “news.”

Then the mainstream media gets hold of the story and “simplifies” it beyond recognition. The top line – “Android updates open backdoor” – becomes the bottom line too. In between are lines of speculation about the horrible things a hacker could do with this exploit, but not one example of anything actually being done. This is the story that makes the office gossip rounds, and everyone panics.

Take a Breath...

Missing from all three steps in the evolution of a scare story are the real-world protections against the potentially dangerous thing.

For example, an app that exploits Android’s update vulnerability would not last long in the Google Play ecosystem. Not only can Google instantly take down an app from its online store, but it can also reach out to users’ phones and “kill” any app that is deemed malicious. Further, the problem only manifests in malicious apps that request system privileges that don't exist on the older Android version, but are granted automatically once the system is updated. So it can only happen if (1) you've downloaded a sketchy app, (2) Google didn't notice the malicious app for months or years, and (3) your phone's version of the Android OS is updated. Never mind that the authors of the study didn't mention a single instance of this ever happening in the real world.

As for employers and ISPs secretly monitoring communications that they represent to you as secured from monitoring, there are laws against such frauds and lawyers to keep their clients scared of huge civil lawsuits. Ane there's almost always a Terms Of Service agreement, explaining to employees that the computer and the Internet access they have at work are provided by the employer. And as such, the employer has every right to restrict or monitor the usage of those resources. Check with your employer for clarification if your company's Internet Terms Of Service do not spell out these issues to your satisfaction.

When you read a security scare story in the mainstream press, look to see if there is even ONE verifiable example of a real person who has been affected. If not, it's probably just a theoretical (or completely non-existent) problem. Or you can go to the geeky source and plow through all the jargon to see what it’s really all about. That often takes me several hours. Even better, subscribe to my newsletter and let me tell you in a few short sentences why the big, bad wolf is just a Chihuahua. :-)

Your thoughts on this topic are welcome! Post your comment or question below...

Most recent comments on "Geeks Who Cry Wolf"

Posted by:
Sandi
27 Mar 2014

Thank you, Bob, for your calm insight. I work in the medical field, and we also get the "wolf-cryers"....unfortunately, in our field, it can also be harmful/fatal. Even my very well-educated, reasonable and normally skeptical friends fall for what should be obvious/utter drivel....

Keep up the great work!

Posted by:
RandiO
27 Mar 2014

You asked "Remember the bogus story from NBC News about the supposed dangers of bringing any electronic gadget to the Sochi Olympics?" I answer "Yes"!
It is getting more and more difficult to determine if Chicken-Little himself is bogus and/or if the sky is truly falling for the umpteenth time, in this day and age.
I sure would like to hear your feelings about the current (bogus) hysteria about US wanting to give up ICANN control and whether it is as dire as the media is making it out to be.
And No >> I won't ask you your feelings about NOT running additional Anti-Virus programs over-and-above MicrosoftDefender that supposed to make all my data so vulnerable to exploitation. I have found out that computing life is much simpler (and enjoyable) if I just don't keep my data exposed to such threats!
IMHO >> You absolutely rock, Bob Rankin!

I must be getting old. I thought that people were supposed to actually work while at work, and I come from a generation when using an employer's equipment for other than work was called 'doing a foreigner' and an instant dismissal offence.

Can employees really complain if the company that pays them for working checks if they are doing personal 'stuff' in work time and/or on work equipment?

You are so right ... First off, the MSM (MainStream Media) simplifies it or "dumbs it down" so that the announcers can even read the message. Please, don't defend a good percentage of announcers, they are not journalists, just people who look good and know how to read a clue card. Yes, there are exceptions and some announcers are very knowledgeable and actually, do their own research. However, they are few in numbers.

I chose to read what well respected Geeks have to say, about these issues. We know, that attacks are done daily, to compromise anyone's computer. People like you, Bob are my "first defense" for these issues, by informing me and telling me why it is bad.
My "second defense" is my Security methods, on my computer ... My Anti-Virus program Avast! Internet Security, Malwarebytes Pro, CCleaner Pro, Glary Utilities Pro and PrivaZer.

Is my "second defense" always there, to protect me? Of course not! I can easily click on the wrong thing, while on the Internet and get captured. I did that with my Conduit mess ... I didn't read your article, back in February 2013 of the CNET downloading website and having CNET installing pseudo quasi malware, that was one of the most difficult computer crap, that I have ever had to remove!!! I am still kicking myself, for NOT reading that article. I get your newsletters all the time, not really sure where my brain was that day. LOL :)

Posted by:
Cliff
27 Mar 2014

Well said......should be mandatory reading to all humanity.

Posted by:
Daniel
27 Mar 2014

I absolutely agree with you. But, since you mentioned Chihuahuas, I had to remind you of this just for humor sake: http://www.huffingtonpost.com/2014/02/24/packs-of-chihuahuas-arizona_n_4848543.html

Posted by:
Robert Kemper
27 Mar 2014

Another good example of why I never pay much attention to anything that the blankety blank
make believe "news media" try to tell me.

Posted by:
Charles
27 Mar 2014

This sort of reporting takes place in all areas, not just the tech field. I'm old enough to remember when there were professional reporters, instead of today's reporters that want to make the news.

Posted by:
Alyce
27 Mar 2014

Thank you, Bob. I am the closest thing we have to a geek in the family ("Honey! It's giving me that ERROR message again, can you FIX it??" LOL!) and a week doesn't go by that SOMEONE isn't sending me an "article" about some new threat that they are sure will eat the hard drive and make the Internet unstable for 99 years....YIKES! I used to read the article and show them how this is HIGHLY UNLIKELY but now I just tell them, "SUBSCRIBE to 'Ask Bob Rankin', if it's an issue HE will have written a great article about it!" LOVE your newsletter!

Posted by:
bb
28 Mar 2014

Another one like this just came across my desk, "WPA2 Wifi Security Cracked!" from http://www.sciencedaily.com/releases/2014/03/140320100824.htm - picked up by a large number of secondary sites.
The breathless research found that that WPA2 is subject to a brute force attack! And specially if one used simple passwords!! Oh no!!!
(For the security un-aware, *all* encryption is subject to brute force, it's just a matter of time and how many characters in the password. See 'How big is your haystack?' at https://www.grc.com/haystack.htm)

Posted by:
TheRube
28 Mar 2014

@Alyce:

You gave extremely good advice. Have someone you love (or hate) subscribe to www.askbobrankin.com!
It is worth the investment.

TR

Posted by:
Tony
28 Mar 2014

Bob - wholeheartedly agree with the nuance of your article. The cyber world is awash with conspiracy theorists, false flaggers and plain old nut jobs who spew out psychotic gibberish particularly pseudo journalists who would be better off acquiring other positive skill sets

Posted by:
Tolbert Tillman
29 Mar 2014

"Scares" such as this make me appreciate that we have those like you who help keep us aware of the as a country boy would call them "bad bs" seems as if those who do this have too much idle time, they need something to do and too bad it isnt worthwhile for the public

Post your Comments, Questions or Suggestions

* Name:
* Email:
(* = Required field)

(Your email address will not be published)

Comments: (you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.